Practical Security Automation and Testing: Tools and techniques for automated security scanning and testing in DevSecOps

Tony Hsiang-Chih Hsu

  • 出版商: Packt Publishing
  • 出版日期: 2019-01-31
  • 售價: $1,810
  • 貴賓價: 9.5$1,720
  • 語言: 英文
  • 頁數: 256
  • 裝訂: Paperback
  • ISBN: 1789802024
  • ISBN-13: 9781789802023
  • 相關分類: 資訊安全
  • 海外代購書籍(需單獨結帳)

相關主題

商品描述

Your one stop guide to automating infrastructure security using DevOps and DevSecOps

Key Features

  • Secure and automate techniques to protect web, mobile or cloud services
  • Automate secure code inspection in C++, Java, Python, and JavaScript
  • Integrate security testing with automation frameworks like fuzz, BDD, Selenium and Robot Framework

Book Description

Security automation is the automatic handling of software security assessments tasks. This book helps you to build your security automation framework to scan for vulnerabilities without human intervention.

This book will teach you to adopt security automation techniques to continuously improve your entire software development and security testing. You will learn to use open source tools and techniques to integrate security testing tools directly into your CI/CD framework. With this book, you will see how to implement security inspection at every layer, such as secure code inspection, fuzz testing, Rest API, privacy, infrastructure security, and web UI testing.

With the help of practical examples, this book will teach you to implement the combination of automation and Security in DevOps. You will learn about the integration of security testing results for an overall security status for projects.

By the end of this book, you will be confident implementing automation security in all layers of your software development stages and will be able to build your own in-house security automation platform throughout your mobile and cloud releases.

What you will learn

  • Automate secure code inspection with open source tools and effective secure code scanning suggestions
  • Apply security testing tools and automation frameworks to identify security vulnerabilities in web, mobile and cloud services
  • Integrate security testing tools such as OWASP ZAP, NMAP, SSLyze, SQLMap, and OpenSCAP
  • Implement automation testing techniques with Selenium, JMeter, Robot Framework, Gauntlt, BDD, DDT, and Python unittest
  • Execute security testing of a Rest API Implement web application security with open source tools and script templates for CI/CD integration
  • Integrate various types of security testing tool results from a single project into one dashboard

Who this book is for

The book is for software developers, architects, testers and QA engineers who are looking to leverage automated security testing techniques.

Table of Contents

  1. The Scope and Challenges of Security Automation
  2. Integrating Security and Automation
  3. Secure Code Inspection
  4. Sensitive Information and Privacy Testing
  5. Security API and Fuzz Testing
  6. Web Application Security Testing
  7. Android Security Testing
  8. Infrastructure Security
  9. BDD Acceptance Security Testing
  10. Project Background and Automation Approach
  11. Automated Testing for Web Applications
  12. Automated Fuzz API Security Testing
  13. Automated Infrastructure Security
  14. Managing and Presenting Test Results
  15. Summary of Automation Security Testing Tips

商品描述(中文翻譯)

您的一站式指南,教您如何使用DevOps和DevSecOps自動化基礎設施安全。

主要特點:
- 安全且自動化的技術,用於保護網頁、移動應用或雲服務
- 自動化C++、Java、Python和JavaScript的安全代碼檢查
- 將安全測試與模糊測試、BDD、Selenium和Robot Framework等自動化框架整合

書籍描述:
安全自動化是自動處理軟體安全評估任務的過程。本書將幫助您建立安全自動化框架,以在無需人工干預的情況下掃描漏洞。

本書將教您採用安全自動化技術,持續改進整個軟體開發和安全測試過程。您將學習使用開源工具和技術,將安全測試工具直接整合到CI/CD框架中。通過本書,您將了解如何在每個層面實施安全檢查,例如安全代碼檢查、模糊測試、Rest API、隱私、基礎設施安全和網頁UI測試。

通過實際示例,本書將教您在DevOps中實現自動化和安全的結合。您將了解如何將安全測試結果整合到項目的整體安全狀態中。

通過閱讀本書,您將能夠自信地在軟體開發的各個階段實施自動化安全,並能夠在移動和雲端發布過程中建立自己的內部安全自動化平台。

您將學到什麼:
- 使用開源工具和有效的安全代碼掃描建議,自動化安全代碼檢查
- 應用安全測試工具和自動化框架,識別網頁、移動應用和雲服務中的安全漏洞
- 整合OWASP ZAP、NMAP、SSLyze、SQLMap和OpenSCAP等安全測試工具
- 使用Selenium、JMeter、Robot Framework、Gauntlt、BDD、DDT和Python unittest等自動化測試技術
- 執行Rest API的安全測試,使用開源工具和CI/CD整合的腳本模板實現網頁應用程式安全
- 將單個項目中各種類型的安全測試工具結果整合到一個儀表板中

本書適合對自動化安全測試技術有興趣的軟體開發人員、架構師、測試人員和QA工程師。

目錄:
1. 安全自動化的範圍和挑戰
2. 整合安全和自動化
3. 安全代碼檢查
4. 敏感信息和隱私測試
5. 安全API和模糊測試
6. 網頁應用程式安全測試
7. Android安全測試
8. 基礎設施安全
9. BDD接受安全測試
10. 項目背景和自動化方法
11. 網頁應用程式的自動化測試
12. 自動化模糊API安全測試
13. 自動化基礎設施安全
14. 管理和呈現測試結果
15. 自動化安全測試技巧摘要